WiFi Security Blunders
This article was published by ComputorEdge, issue #2639, , as the cover article, in both their PDF edition (on pages 8-9) and their website. It was reprinted as Major Mistakes And Myths About WiFi Security in The Seed (the newsletter of the Denver Apple Pi computer club), volume 30, number 10, 2008-10, on pages 1-3.
Wireless local area networks (LANs) continue to see greater adoption in the corporate world, and in the public sector, such as the wireless access made available in public libraries and municipal centers. Similarly, wireless networks are being increasingly chosen for home environments, by computer users who want to avoid having their laptops tethered to an Ethernet line in order to be connected to the Internet. The second reason is to allow WiFi capable devices, aside from laptops, to be networked together.
WiFi, which is a trade name for a network technology, may offer many advantages, but it also presents some new problems to the home computer user. In addition to reduced transmission speeds compared to Ethernet (i.e., a wired network), WiFi opens up a veritable Pandora's box of security dangers, because the information flowing through the networks is doing so not by direct device-to-device communication, but instead by being broadcast in all directions as electromagnetic waves through the air. If the receiving device is within range of those waves, and they are strong enough upon receipt, then the target device can receive the information as intended.
But what about other WiFi-capable devices that also happen to be within range of the network signal? They too have the potential for receiving that information, even if the owner of that information never planned for them to do so. For instance, an apartment dweller may set up a home wireless network so she can surf the Web while sitting on her couch, away from any Ethernet lines. But if that network has not been made secure, then her neighbors will also be able to access the Internet, without paying for it.
Even worse, if any of those neighbors engage in illegal or at least questionable activities on the Internet — such as sharing copyrighted music and movies — then the IP address associated with those activities is that of the innocent owner. Authorities may or may not accept her excuse that she had no idea that other people were piggybacking on her Internet connection — though that defense has been tested in civil courts in the United States.
WEP-ing and Weeping
Given the need to protect their own sensitive information being transmitted over the Internet (such as credit card numbers entered on e-commerce websites) and to prevent unauthorized people from exploiting their Internet connection, home network users have tried all sorts of WiFi security techniques. Unfortunately, almost all of them are ineffectual, to one degree or another. Before I explore the details of these flawed measures, it is important to clarify that this is not an issue that can be brushed aside by anyone setting up a home WiFi network, because the default settings for most if not all WiFi devices leaves them open, i.e., without encryption. It also leaves such networks, and their unsuspecting users, wide open to attack.
Wired Equivalent Privacy (WEP) is an encryption standard that was an early attempt by the computer network industry to offer a supposedly strong level of protection against intruders, and was initially touted as being unbreakable. Soon thereafter it became widely adopted, and is probably still the most commonly employed WiFi security measure.
Sadly, WEP is easily penetrated by any determined attacker, who would normally use what are known as "packet injection attacks" in order to crack the network security. This is true even when the network in question has been properly configured, and even more so when not properly configured, which is the case for far too many home users — especially those unfamiliar with setting up computers and networks.
Weaker than WEP
There are many ineffective WiFi security techniques aside from WEP. One approach is to locate your WiFi access points (i.e., wireless cards and other antennas) in the center of the area for which you want WiFi coverage, and then reduce the transmission power to the point where it does not extend outside of the physical space that you can keep secure, such as your home or office building. At first glance, this approach might seem impervious to attack, until one realizes that hackers are not limited to the relatively weak antenna reception of the typical neighbor's laptop. Hackers can employ much larger antennas, and thus still receive your transmitter's signal, even if your neighbors cannot using their laptop wireless cards.
Dynamic Host Configuration Protocol (DHCP) allows a few different modes for obtaining an IP address, and has been criticized by some so-called security experts as a chink in the WiFi security armor. In turn, they have advised all network users to implement static IP addressing, instead of allowing DHCP to automatically assign an address. But a knowledgeable hacker can determine your network's IP scheme in little time, and thus this technique is of equally little value.
MAC filtering, which limits packet traffic to a set of verified and trusted IP addresses, has been advocated as a strong way to prevent network intrusion. However, it is not difficult for hackers to read ("sniff") your network's traffic, and from this detect one or more of the IP addresses that the MAC filtering has deemed trustworthy. Once such an address has been discovered, it can then be used to penetrate the network, masquerading as a verified source.
Security in Numbers?
A parent does not need an advanced degree in thermodynamics to understand a fundamental principle of keeping their children warm when they venture outside into cold weather: Layering is generally quite effective, because each layer of clothing traps warm air, even if each layer contains some holes. But does the same principle apply in the realm of keeping coldhearted hackers out of your warm network?
One of many areas of controversy in the field of wireless security, is whether or not layering of multiple — and admittedly flawed — security practices is any improvement upon using one or just a subset of them. The more knowledgeable security experts argue that layering provides no extra value, because hackers can simply work their way through each layer, until they reach the information they seek. Because so many of the attacks can be accomplished in less than a minute, and there are plenty of free tools to do so, layering does not offer the deterrence value claimed by its advocates.
There is an additional danger in implementing and relying upon any of the techniques covered here: All of them, even when combined together, can give you a false sense of security. It is much better to understand exactly how vulnerable one's wireless network might be, and then shore up that vulnerability by using a security measure that really works, such as WPA-PSK security configured with a random alphanumeric pass-phrase longer than 10 characters.
After all, it can be good to share, but not to share your Internet service with others intent upon evil.